In the RSA system, a balanced modulus $N$ denotes a product of two large prime numbers $p$ and $q$, where $q < p < 2q$. Since integer factorization is difficult, $p$ and $q$ are simply estimated as ${\sqrt{N}}$. In the Wiener attack, $2\sqrt{N}$ is adopted as the estimate of $p + q$ in order to raise the security boundary of the private exponent $d$. This work proposes a novel approach, called EPF, to determine the appropriate prime factors of $N$. The estimated values are called "EPFs of $N$" and are denoted $p_E$ and $q_E$. Thus $p_E$ and $q_E$ can be adopted to estimate $p + q$ more accurately than by simply adopting $2\sqrt{N}$. In addition, we show that Verheul and Tilborg's extension of the Wiener attack can be considered to be brute-guessing for the MSBs of $p + q$. Compared with their work, EPF can extend the Wiener attack to reduce the cost of exhaustive searching for $2r + 8$ bits down to $2r - 10$ bits, where $r$ depends on $N$ and the private key $d$. The security boundary of the private exponent $d$ can be raised 9 bits again over Verheul and Tilborg's result.
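The role of the $p + q$ estimate can be seen in a key-audit check, given here as an added example that is not code from the paper: it runs the continued-fraction test with $\varphi(N)$ estimated as $N$ and as $N - \lfloor 2\sqrt{N} \rfloor + 1$, and flags a key whose private exponent is small enough to be recovered. The function names and the toy 63-bit key are constructed for illustration, and the EPF estimates $p_E$, $q_E$ are not implemented because the abstract does not define them.

```python
from math import isqrt

def convergents(num, den):
    """Yield the continued-fraction convergents (k, d) of num/den."""
    h0, h1, k0, k1 = 0, 1, 1, 0
    while den:
        a = num // den
        num, den = den, num - a * den
        h0, h1 = h1, a * h1 + h0
        k0, k1 = k1, a * k1 + k0
        yield h1, k1

def recover_small_d(e, n, phi_estimate):
    """Return (d, p, q) if a convergent k/d of e/phi_estimate reveals d, else None."""
    for k, d in convergents(e, phi_estimate):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k        # candidate phi(N), from e*d = 1 + k*phi(N)
        s = n - phi + 1               # candidate p + q
        disc = s * s - 4 * n          # equals (p - q)^2 if the candidate is right
        if disc < 0:
            continue
        r = isqrt(disc)
        if r * r == disc:
            p, q = (s + r) // 2, (s - r) // 2
            if q > 1 and p * q == n:  # accept only a real factorization of N
                return d, p, q
    return None

def audit_key(e, n):
    """Run the test with phi(N) estimated as N and as N - floor(2*sqrt(N)) + 1."""
    return {
        "N": recover_small_d(e, n, n),
        "N - 2*sqrt(N) + 1": recover_small_d(e, n, n - isqrt(4 * n) + 1),
    }

# Constructed toy key (63-bit modulus, far too small for real use): q < p < 2q.
P, Q = 2**32 - 5, 2**31 - 1
N = P * Q
D = 65537                              # deliberately small private exponent
E = pow(D, -1, (P - 1) * (Q - 1))      # matching public exponent (Python 3.8+)

if __name__ == "__main__":
    for estimate, result in audit_key(E, N).items():
        status = f"WEAK, d = {result[0]}" if result else "not recovered"
        print(f"phi(N) ~ {estimate}: {status}")
```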